This document covers some of the alternatives for configuring LDAP Realms in Apache Geronimo v2.1. In previous versions of Apache Geronimo, ApacheDS was shipped along with Geronimo. To reduce the server footprint and exploit the Geronimo plugin architecture, the LDAP server is currently available as an optional plugin install rather than being bundled with the Geronimo server for 2.1. Having said this, ApacheDS is not a requirement for configuring an LDAP Realm. However, it will be practical for the purposes of this document to use a local LDAP server.

This document is organized in the following sections:

Installing ApacheDS plugin (optional)

If you choose to have your LDAP service provided by ApacheDS and running from within Geronimo, you can install it very quickly by installing the plugin. The ApacheDS 1.0 plugin for Geronimo is based on Apache Directory v1.5.1 and can be installed from either the command line or the Administration Console.

You should receive a confirmation message that the connection succeeded: "Login succeeded with 1 principals".

Click on Deploy Realm.

The LDAP Realm will deploy and you should be able to see it from the Security Realms portlet. From there you will be able to further edit the realm.

Note that in order to successfully connect and test this realm, your LDAP server must already be configured/pre-loaded with the appropriate data. In other words, the values you enter here must match the data in the server. The LDAP server does not come with any preloaded sample data.

Using the command line deployer

As we mentioned, another way to deploy this configuration is via the Deployer tool from a command line. When deploying this way, you have to provide a deployment plan with all the configuration information already in it; there is no interactive menu this time.

The deployment itself is fairly simple. Once you have the deployment plan sorted out, run the following command from the <geronimo_home>/bin directory:

LDAP Realm deployment plan

We mentioned that when using the command line deployer you will need to provide a deployment plan. The purpose of this section is to show you a sample deployment plan. For additional details, refer to the ldap-sample-app - LDAP Sample Application section.